(ASCEND) How to run multiple RADIUS Servers on one system?

To: Ascend Users Mailing List <ascend-users@bungi.com>
Subject: (ASCEND) How to run multiple RADIUS Servers on one system?
From: Neil Movold <nmlist@ibl.bm>
Date: Wed, 6 May 1998 10:42:48 -0400 (GMT-0400)
cc: neil@logic.bm
Sender: owner-ascend-users@max.bungi.com

I have a requirement to run multiple instances of the Ascend Radius server
on one of my Solaris V2.6 systems.  However, I have run into some
problems.  Here is what I am trying to do :

Have two radius servers running as follows :

        radius_server1     ports 7000 and 7001
        radius_server2     ports 1645 and 1646

When a call comes in on my MAXen, it is passed off to the radius_server1,
and the username will be checked.  If it is of the form "user@domain" then
I need to pass it off to another radius server at another location for
authentication.  If it is not of the form "user@domain" then I need
radius_server1 to pass the authorization request to radius_server2 for
local authentication.  So, in other words, radius_server1 will not look in
a local users file to authenticate. 

The problems that I am running into are as follows :

1) I cannot put two entries in /etc/services for "radius", since
   the source code for the Ascend Radius server does a check for 
   radius/udp.  For example, here would be an example /etc/services

   radius	1645/udp
   radacct      1646/udp
   radius       7000/udp
   radacct      7001/udp

   The problem here is that if radius_server1 is listening to 
   ports 7000 and 7001, as defined in radius.h, when the
   radius daemon looks up radius/udp in the /etc/services file,
   if will find a binding to "radius    1645/udp" and not the
   real 7000/udp port.  The result is that the MAXen will not
   bind to the proper port.

2) How do I just pass on the request from radius_server1 to 
   radius_server2?


I have started looking through the source and I can see how I can solve 1) 
by changing the name of the service that is being looked for in
/etc/services.  So, the daemon would lookup "radius_server1" instead of
the stock "radius" entry.  However, is this the only way to do this?  Is
it the best way to do this? 

I am working with the source distribution radius-122297 that I downloaded
from the Ascend FTP site.

Thanks for any insight you may have,

				   Neil :-)

--------------------------------------------------------------------------
Neil Movold                             Phone: (441) 296-9628
Director of Technology                  Fax: (441) 295-1149
Logic Communications Ltd.               E-Mail: neil@logic.bm
P.O. Box HM 2445                        WWW: http://www.logic.bm
Hamilton, Bermuda, HM JX                WWW: http://www.bermuda.bm

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: RE: (ASCEND) Ascend + Euro ISDN
Next by Date: (ASCEND) Fuse on a P50 WAN port?
Prev by thread: (ASCEND) Fuse on a P50 WAN port?
Next by thread: Re: (ASCEND) How to run multiple RADIUS Servers on one system?
Index(es):
- Main
- Thread